Legal · Placeholder

Privacy policy.

What Grid collects, how we use it, who we share it with, and the rights you have over your own data.

Last updated 2026-05-20

Draft for review. This document is placeholder copy patterned on common SaaS templates. It has not been reviewed by qualified counsel and is not yet binding. Last updated 2026-05-20.

This is a placeholder document.The text below sketches the structure of a privacy policy patterned on common SaaS templates. It has not been reviewed by qualified counsel, contains generic language rather than binding commitments, and must be replaced with a lawyer-reviewed policy before any production launch. Use it to evaluate the shape of Grid's eventual privacy posture, not as a current legal statement.

1. Introduction

Grid is a multi-tenant business operations platform built and operated by techinverted (“Grid”, “we”, “us”). This privacy policy describes the information we collect from the people who sign up for Grid, the businesses that operate tenants on Grid, and the visitors of our marketing website.

This document is intended to be read alongside our terms of service and sub-processor list. When this policy refers to “personal data”, we mean information that identifies an individual person — a name, an email address, an IP address, or any identifier tied to those.

Grid is currently operated from the European Union with infrastructure in the United States and the European Union. Customers can request a specific region at tenant creation. For questions about this policy, write to [email protected].

2. Information we collect

We collect three broad categories of information: account information you give us directly, usage data your browser and device generate as you use Grid, and content you and your team store inside your tenant.

Account information

When you sign up, we collect your name, your work email address, the name of your organisation, and — if you subscribe to a paid plan — billing details processed by our payment provider. We do not store full payment card numbers; those are tokenised by Stripe (see our sub-processors).

Usage data

As you use Grid, our servers receive standard request metadata: IP address, user agent, the route you visited, and timestamps. We use a small set of first-party cookies for authentication, session persistence, and theme preference. We do not use cross-site tracking cookies. Cookie preferences are managed via the consent banner the first time you visit the marketing site; you can revisit your choices at any time.

Content you store

Records you create inside your Grid tenant — contacts, deals, tasks, documents, messages, and so on — are stored in your tenant's region. We treat the content of your tenant as your property and we do not mine it for advertising. Tenant content is accessed by Grid staff only when required to operate the service (for example, to investigate a support ticket you opened) or when compelled by law, and every such access is logged in the platform audit log.

3. How we use information

We use the information described above to provide and improve the Grid service, to keep our platform secure, and to communicate with you about your account.

Specifically: we use account information to identify you, sign you in, and bill you. We use usage data to diagnose errors, monitor performance, and make informed decisions about which parts of Grid to invest in. We use the content you store only to deliver the features you have asked for — rendering it in the UI, running search across it, syncing it to third-party providers you have connected, and producing the outputs of AI agents you have invoked.

We do not sell personal data, and we do not share personal data with third-party advertisers. Aggregate, de-identified statistics about product usage may be shared publicly (for example, “X percent of tenants use workflows”) — these statistics contain no identifiers and cannot be reverse-engineered to identify individual users or tenants.

4. How we share information

We share information with the infrastructure providers that power Grid — our sub-processors — and with no one else by default. Our current sub-processor list is published at /legal/sub-processorsand is updated whenever we add, remove, or change a vendor. Each sub-processor is contractually bound to handle data on Grid's behalf and to use it only for the purpose for which we engage them.

We may disclose information when required by law, by valid legal process, or when we believe in good faith that disclosure is necessary to protect our rights, our users, or the public. When we receive a government request that names a specific tenant, we notify that tenant unless we are legally prohibited from doing so, and we publish an annual summary of the number and nature of government requests received as soon as a meaningful sample size has been reached.

If Grid is acquired or merges with another business, your information may be transferred to the successor entity. We will notify customers in writing before any such transfer takes effect, and the successor entity will be bound by the same commitments described in this policy until any revisions are communicated and accepted. Customers who object to a transfer may terminate their subscription and receive a pro-rata refund of any prepaid fees for the unexpired portion of the term.

5. Your rights

Depending on where you live, you may have the right to access the personal data we hold about you, to correct it, to delete it, to export it in a portable format, or to object to certain uses of it.

To exercise any of these rights, write to [email protected] with the email address associated with your account. We aim to respond to rights requests within 30 days. If you are a tenant administrator, most of these actions are also available to you directly inside Grid: account settings let you export your data, delete users, and request tenant erasure.

We do not charge a fee for honouring rights requests except in the rare case where a request is unfounded or excessive, as permitted by applicable law.

6. Data retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to fulfil legal and operational requirements — typically up to thirty days for the active dataset and up to seven years for billing records, in line with tax-record obligations.

Retention policies for specific data types — audit logs, deleted records, backups — are described in our data processing addendum (DPA), available on request. Tenant administrators can configure shorter retention windows inside Grid where the underlying data type supports it; this applies in particular to audit logs (default ninety days, configurable up to seven years) and to soft-deleted records (default thirty days before hard deletion).

Backups follow a separate retention schedule. Database backups are kept for thirty days; object-storage backups follow the retention policy of the underlying storage provider. When a customer requests tenant erasure, we purge active data immediately and purge the corresponding backup data at the next scheduled rotation.

7. International transfers

Grid stores customer data in the region you select when creating your tenant. Where data is transferred between regions — for example, when a customer in the European Union elects to host in the United States — we rely on the legal mechanisms recognised by data-protection regulators at the time of transfer, including standard contractual clauses where applicable.

Our sub-processor list notes the operating region of each provider so you can evaluate the transfers implied by your configuration.

8. Children's data

Grid is a business platform and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to Grid, write to [email protected] and we will delete the data and the associated account.

9. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify customers in writing — by email to account administrators — at least thirty days before the changes take effect, and we will update the “last updated” date at the top of this document. Minor editorial changes that do not affect substance will be applied without advance notice.

10. Contact us

For questions, complaints, or data-subject rights requests related to this policy, write to [email protected]. If you are not satisfied with our response, you may have the right to lodge a complaint with the data-protection authority in your jurisdiction.

We do not currently maintain a formally appointed data protection officer (DPO). When that role is filled, the appointment and contact details will be published in this document.

Have a privacy question?

Need a DPA, sub-processor list, or a bespoke clause? Email [email protected].